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- The MAILING DATE of this communication appears on the cover sheet with the correspondence address ~ 
Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 03 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 
• Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 

Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1 .704(b). 

Status 

1 )^ Responsive to communication(s) filed on 04 September 2003 . 
2a)D This action is FINAL. 2b)^ This action is non-final. 

3) Q Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1 935 CD. 1 1 , 453 O.G. 213. 

Disposition of Claims 

4) ^ Claim(s) 1-34 is/are pending in the application. 

4a) Of the above claim(s) ■ is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) K Claim(s) 1-34 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10) D The drawing(s) filed on is/are: a)D accepted or b)Q objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

1 1) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under35 U.S.C. § 119 

12) D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 1 19(a)-(d) or (f). 
a)Q Alii b)Q Some * c)Q None of: 

Certified copies of the priority documents have been received. 

2. D Certified copies of the priority documents have been received in Application No. . 

3. Q: Copies of the certified copies of the priority documents have been received in this National Stage 

: application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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3. 

4. 



DETAILED ACTION 
This office action is in response to the communication filed on 09/04/2003. 
The information disclosure statement received on 02/23/2004 has been considered, and a 
copy of the IDS 5 has been sent with this office action. 
Claims 1-34 have been presented for the examination. 
Claims 1-34 have been rejected. 

Double Patenting 



The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a 
policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the "right to exclude" 
granted by a patent and to prevent possible harassment by multiple assignees. See In re Goodman, 11 F.3d 1046, 29 
USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 
F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 
4 1 8 F.2d 528, 1 63 USPQ 644 (CCPA 1 969). 

; A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) may be used to overcome an actual or 
provisional rejection based on a nonstatutory double patenting ground provided the conflicting application or patent is 
shown to be commonly owned with this application. See 37 CFR 1.130(b). 

; Effective January 1, 1994, a registered attorney or agent of record may sign a terminal disclaimer. A terminal 
disclaimer signed by the assignee must fully comply with 37 CFR 3.73(b). 



5. 



Claims 1-34 are provisionally rejected under the judicially created doctrine of obviousness 



type double patenting as being unpatentable over claims 1-33 of copending application no. 10/458628 
in view of Forslow (US 2002/0133534 Al). 



Regarding claims 1-34, although the conflicting claims are not identical, they are not 
patentably distinct from each other because all the elements/ features of claimed system of instant 
application exist in copending application in similar or different names, essentially performing same 



tasks. 



Differ ence between the conflicting claims of the instant application and the conflicting claims 



of the copending application is that the copending application claim set fails to disclose "restrict 



access 



. . . in accordance with a user policy. . . identifies an access control list". 
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: : However, Forslow discloses restricting VLAN user access in accordance with a user policy 
identified in a access control list/ ACL (Par [0031], [0035]; MAC address authentication; access 
control based on ACL). 

• ■ 
* 

; Copending a pplication 10/458628 and Forslow are analogous art because they are from the 

* 

same field of endeavor of access control/ authentication in VLAN. At the time of invention, it will be 
obvious to a person of ordinary skill in the art to combine the teaching of Forslow with the claim set 
of the copending application to design a network access device further comprising of restricting users 
based upon user policies in the ACL list in order to provide a stronger each user specific control 
mechanism (Forslow, Par [0031]-[0035]). 



6. 



Claim Rejections - 35 USC §103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all obviousness 

rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and the prior 
art are such that the subject matter as a whole would have been obvious at the time the invention was made to a 
person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived 
by the manner in which the invention was made. 



Claims 1-11, 13-21, and 23-33 are rejected under 35 USC 103 (a) as being unpatentable over 



Massarani (US 6393484B1) in view of Forslow (US 2002/0133534 Al). 



Regarding claim 1, Massarani discloses a network access device for providing network 
security, comprising: 

a plurality of input ports (Fig 1 ; network access ports; Col 4, lines 30-50); 
a switching fabric for routing data received on said plurality of input ports to at least one 
outputiport (Fig 1; Col 4, line 30-50; Col 5, line 55-65; router/ switch; interfaces); and 
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control logic adapted to authenticate a physical address of a user device coupled to one of said 
plurality of input ports (Col 4, line 30-50; Col 6, line 25-52), to authenticate user information 
provided by a user of said user device only if said physical address is valid (Col 4, line 30-50; Col 6, 



line 25 



-52; authenticating based on valid/ invalid MAC). 

Although Massarani further discloses a user authentication by setting route/switch filtering 



followed by a MAC authentication (Fig 4), Massarani fails to disclose expressly restricting access to 
said one of said plurality of input ports in accordance with a user policy associated with said user 
information only if said user information is valid. 

However, Forslow discloses restricting access to said one of said plurality of input ports in 
accordance with a user policy associated with said user information only if said user information is 
valid (Par [003 1], [0035]; MAC address authentication; access control based on ACL). 

; Forslow and Massarani are analogous art because they are from the same field of endeavor of 
network user access control/ authentication. At the time of invention, it will be obvious to a person of 
ordinary skill in the art to combine the teaching of Forslow with Massarani to design a network access 



device 



further comprising of restricting users based upon user policies in the ACL list in order to 



provide a stronger each user specific control mechanism ( Forslow, Par [0031]-[0035]). 



Regarding claim 13, it is rejected applying as above rejecting claim 1, furthermore, Massarani 
discloses a method for providing network security, comprising: 



(Col 4; 



authenticating a physical address of a user device coupled to a port of a network access device 
line 30-50; Col 6, line 25-52; authenticating based on valid/ invalid MAC); 
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♦ 
♦ 

• authenticating user information provided by a user of said user device only if said physical 
address is valid (Fig 4; a user authentication by setting route/switch filtering followed by a MAC 
authentication); 

Massarani fails to disclose restricting access to said port in accordance with a user policy 

■ 

associated with said user information only if said user information is valid . 

However, Forslow discloses restricting access to said port in accordance with a user policy 
associated with said user information only if said user information is valid (Par [0031], [0035]; MAC 
address authentication; access control based on ACL). 



Regarding claim 23 > it is rejected applying as above rejecting claim 1 and 13, furthermore, 
Massarani discloses network system, comprising: 
a data communications network (Fig 1); 

a network access device coupled to said data communications network (Fig 1); and 
a user device coupled to a port of said network access device (Fig 1); 
wherein said network access device is adapted to authenticate a physical address of said user 
device; to authenticate user information provided by a user of said user device only if said physical 
address is valid (Col 4, line 30-50; Col 6, line 25-52; authenticating based on valid/ invalid MAC); 

Although Massarani further discloses a user authentication by setting route/switch filtering 
followed by a MAC authentication (Fig 4), Massarani fails to disclose expressly restricting access to 
said orie of said plurality of input ports in accordance with a user policy associated with said user 
information only if said user information is valid. 
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However, Forslow discloses restricting access to said one of said plurality of input ports in 
accordance with a user policy associated with said user information only if said user information is 
valid (Par [0031], [0035]; MAC address authentication; access control based on ACL). 



Regarding claim 2, Massarani discloses the network access device wherein said physical 
address comprises a Media Access Control (MAC) address (Col 4, line 30-50; Col 6, line 25-52; 
MAC address). 



Regarding claim 3, Massarani discloses the network access device wherein said control logi 
is adapted to authenticate said user information in accordance with an IEEE 802. lx protocol (Col 4, 
lines 31-52). 

\ Regarding claim 4, Forslow discloses the network access device wherein said user policy 
identifies an access control list (Par [003 1 ]-[0035]). 

Regarding claim 5, Forslow discloses the network access device wherein said user policy 
includes an access control list (Par [0031]-[0035]). 

I Regarding claim 6, Forslow discloses the network access device wherein said user policy 
identifies a Media Access Control (MAC) address filter (Par [0031]-[0035], [0046]; claim 6,49; 
address filtering). 

: Regarding claim 7, Forslow discloses the network access device wherein said user policy 
includes a Media Access Control (MAC) address filter ( Par [003 1]-[0035], [0046]; claim 6,49; 
address filtering). 
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Regarding claim 8, Massarani discloses the network access device wherein said control logic 

• * 

is adapted to send said user information to an authentication server and to receive an accept message 
from said authentication server if said user information is valid (Col 6, line 25 to Col 7, line 35). 

• Regarding claim 9, Massarani discloses the network access device wherein said authentication 

« 

server comprises a Remote Authentication Dial-In User Service (RADIUS) server (Col 5, lines 15- 



30). 



Regarding claim 10, Massarani discloses the network access device comprising said accept 



message (Col 6, line 25 to Col 7, line 35). Massarani fails to disclose said accept message includes a 
user policy. 

However, Forslow discloses a user policy (Par [0031], [0035]; ACL policies/ restrictions) that 



can be 



included in said message. 



Regarding claim 11, Massarani discloses the network access device wherein said control logic 
is further adapted to assign said one of said plurality of input ports to a virtual local area network 
(VLAN) associated with said user information if said user information is valid (Col 4, lines 55 to Col 

* * 

5, line 50; LAN; Col 6, lines 40-60; access ports; associating valid MAC, network IP address, and 
other parameters). 

Regarding claims 14-21, they recite the limitations of claim 2-1 1 and 13, therefore, they are 
rejected applying as above rejecting claims 2-11 and 13. 

Regarding claims 24-33, they recite the limitations of claim 2-1 1 and 23, therefore, they are 
rejected applying as above rejecting claims 2-11 and 23. 
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7. 



Claims 12, 22 and 34 are rejected under 35 USC 103 (a) as being unpatentable over Massarani 



(US 6393484B1) in view of Forsjow (US 2002/0133534 Al) further in view of McNeill et al (US 
6167052). 



Regarding claim 12, Massarani discloses the network access device wherein said control 
logic is adapted to receive a message from an authentication server, wherein said message comprises a 
LAN identifier (ID) associated with said user information, and to assign said one of said plurality of 

* * 

input ports to a LAN associated with said LAN ID (Col 5, line 25 to Col Col 6, line 59; LAN; valid/ 
invalid IP addresses or network associated parameters). 

Althoug h Massarani teaches a LAN IP address, it fails to disclose expressly a VLAN ID. 
However, McNeill et al teaches use of VLAN identifier (Col 9, line 18 to Col 1 1, line25; associating 
VLAN number/ identifier to MAC and ACL) in that context. 

! McNeill et al Forslow and Massarani are analogous art because they are from the same field 
of endeavor of network user access control/ authentication. At the time of invention, it will be obvious 
to a person of ordinary skill in the art to combine the teaching of McNeill et al with Forslow- 
Massarani system to design a network access device further comprising the VLAN identifier in order 
to provide/ keep track of unique group/ user access control mechanism (McNeill et al Col 2, lines 
30-50), 

* 

Regarding claim 22, it recites the limitations of claims 12 and 13, therefore, it is rejected 
applying as above rejecting claim 12 and 13. 

: Regarding claim 34, it recites the limitations of claims 22 and 23, therefore, it is rejected 

♦ 

applying as above rejecting claim 22 and 23. 
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Conclusion 

8. ; A shortened statutory period for response to this action is set to expire in 3 (Three) months and 
0 (Zero) days from the mailing date of this letter. Failure to respond within the period for response will 

■ 

4 

result in ABANDOMENT of the application (see 35 U.S.C 133, M.P.E.P 710.02(b)). 

; Any inquiry concerning this communication or earlier communications from the examiner 
should; be directed to Shanto M Z Abedin whose telephone number is 571-272-3551, and fax number is 
571-273-3551. The examiner can normally be reached on M-F from 9:00 AM to 5:30 PM. If attempts 
to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Moazzami Nasser, can 
be reached on 571-272-4195. The fax phone number for the organization where this application or 
proceeding is assigned is 703-872-9306. 

; Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications may 
be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications 
is available through Private PAIR only. For more information about the PAIR system, see http://pair- 

* 

direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the 

* • 

Electronic Business Center (EBC) at 866-217-9197 (toll-free). 



Shanto M Z Abedin 

NASSER MOAZZAMI 

FvamWr ATT?n* SUPERVISORY PATENT EXAMINE' 

examiner, /\u l i jo TECHNOLOGY CENTER 21 00 



